dolibarr  7.0.0-beta
ws.lib.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (C) 2011 Laurent Destailleur <eldy@users.sourceforge.net>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 3 of the License, or
7  * (at your option) any later version.
8  *
9  * This program is distributed in the hope that it will be useful,
10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12  * GNU General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program. If not, see <http://www.gnu.org/licenses/>.
16  * or see http://www.gnu.org/
17  */
18 
35 function check_authentication($authentication,&$error,&$errorcode,&$errorlabel)
36 {
37  global $db,$conf,$langs;
38  global $dolibarr_main_authentication,$dolibarr_auto_user;
39 
40  $fuser=new User($db);
41 
42  if (! $error && ($authentication['dolibarrkey'] != $conf->global->WEBSERVICES_KEY))
43  {
44  $error++;
45  $errorcode='BAD_VALUE_FOR_SECURITY_KEY'; $errorlabel='Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
46  }
47 
48  if (! $error && ! empty($authentication['entity']) && ! is_numeric($authentication['entity']))
49  {
50  $error++;
51  $errorcode='BAD_PARAMETERS'; $errorlabel="The entity parameter must be empty (or filled with numeric id of instance if multicompany module is used).";
52  }
53 
54  if (! $error)
55  {
56  $result=$fuser->fetch('',$authentication['login'],'',0);
57  if ($result < 0)
58  {
59  $error++;
60  $errorcode='ERROR_FETCH_USER'; $errorlabel='A technical error occurred during fetch of user';
61  }
62  else if ($result == 0)
63  {
64  $error++;
65  $errorcode='BAD_CREDENTIALS'; $errorlabel='Bad value for login or password';
66  }
67 
68  if (! $error && $fuser->statut == 0)
69  {
70  $error++;
71  $errorcode='ERROR_USER_DISABLED'; $errorlabel='This user has been locked or disabled';
72  }
73 
74  // Validation of login
75  if (! $error)
76  {
77  $fuser->getrights(); // Load permission of user
78 
79  // Authentication mode
80  if (empty($dolibarr_main_authentication)) $dolibarr_main_authentication='http,dolibarr';
81  // Authentication mode: forceuser
82  if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
83  // Set authmode
84  $authmode=explode(',',$dolibarr_main_authentication);
85 
86  include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
87  $login = checkLoginPassEntity($authentication['login'],$authentication['password'],$authentication['entity'],$authmode);
88  if (empty($login))
89  {
90  $error++;
91  $errorcode='BAD_CREDENTIALS'; $errorlabel='Bad value for login or password';
92  }
93  }
94  }
95 
96  return $fuser;
97 }
98 
check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
Check authentication array and set error, errorcode, errorlabel.
Definition: ws.lib.php:35
Class to manage Dolibarr users.
Definition: user.class.php:39
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode)
Return a login if login/pass was successfull.